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REMARKS 

Claims 1, 6-9 and 1 1 are pending in this application. All of the pending claims are 
rejected. None of the claims are currently amended. Reconsideration is requested. 

The presently claimed invention provides scalable security by utilizing group security 
associations rather than point-to-point security associations. Group security associations are 
known for communications common to a group, e.g., multicast. However, point-to-point security 
associations are used for group security when communications are not common to the group. For 
example, as explained in the Background at page 2, lines 19-24, VPNs and IPsec tunneling use 
point-to-point connections between sites. Each secure connection requires storage of association 
data. Consequently, the amount of data that must be stored to support N point-to-point 
connections increases at a rate of N 2 -l . This presents a scalability problem that is at least 
mitigated by utilizing a group security association for members of a private network, e.g., store 
one group security association from the private network rather than individual security 
associations for each point-to-point or member-to-member connection. 

Claims 1, 6-9 and 1 1 are rejected under 35 U.S.C. 103(a) based on US 2002/0154635 
(Liu) in combination with US 6,970,941 (Caronni) and US 6,185,650 (Shimbo). With regard to 
the limitation of "transforming, at a client edge device, the tunneled packet by first applying a 
group security association associated with the private network to the tunneled packet to 
provide a secure tunneled packet and then adding a header field to the secure tunneled packet, the 
added header field including a gateway address associated with the first member of the private 
network and a destination address of the second member of the private network to provide a 
client transformed packet," (emphasis added) recited in claim 1, and the corresponding 
limitations recited in claims 9 and 1 1, the Examiner cites Caronni at column 7, lines 5-33; 
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column 3, lines 17-21; and column 11, lines 37-43. The Examiner elaborates on the citation by 
stating that "the mappings of the internal/private address, known as node ID, which is considered 
part of the group security association ... the security association (SA) is related to Authentication 
Header (AH) .. . ." Applicant respectfully traverses. The specification of this application 
describes a Group Security Association (GSA) at page 1 1 , line 12 through page 12, line 5. Note 
that the GSA is a bundling of SAs that together define how a group securely communicates, 
e.g., selectors, properties, cryptographic policy and keys. Applicant submits that the Examiner's 
assertion that mappings between internal and external addresses is analogous to a GSA is 
fundamentally flawed because such a mapping is neither (a) encompassed by the description in 
the specification, nor (b) capable of providing any practical measure of security for 
communications. The cited passage at column 7 describes such an address mapping. Note that 
there is no indication in Caronni that the external address is secure or used for a group. There is 
no indication that the mapping is anything more than address resolution for routing purposes. 
Caronni describes providing security elsewhere, but only point-to-point security techniques 
which suffer the scalability problem discussed above. For example, the cited passage at column 
3 describes "secure communications between nodes," rather than secure communications 
between all nodes associated with a group using the same GSA. The cited passage at column 1 1 
is unrelated to security. Because Caronni fails to describe applying a group security 
association associated with the private network to the tunneled packet to provide a secure 
tunneled packet, claims 1, 9 and 1 1 distinguish the cited combination. 1 



1 Note that Liu and Shimbo are not cited as showing this novel feature and are therefore not discussed in detail. 
However, Applicant does not concede the asserted characterizations of those references. 
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Claims 6-8 are dependent claims which further distinguish the invention, and which are 
allowable for the same reasons as their respective base claims. Withdrawal of the rejections of 
claims 1, 6-9 and 1 1 is therefore requested. 

This application is now considered to be in condition for allowance and such action is 
earnestly solicited. Should there remain unresolved issues that require adverse action, it is 
respectfully requested that the Examiner telephone Applicants' Attorney at the number listed 
below so that such issues may be resolved as expeditiously as possible. 
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